Lucene search

MicrofocusCVE-2017-7437

HistoryMar 05, 2018 - 4:29 p.m.

CVE-2017-7437

2018-03-0516:29:00

CWE-79

microfocus

web.nvd.nist.gov

cve-2017-7437

netiq

privileged account manager

xss

cross site scripting

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the “type” and “account” parameters of json requests.

Affected configurations

Nvd

Node

netiqprivileged_account_managerRange≤3.0

netiqprivileged_account_managerMatch3.1

netiqprivileged_account_managerMatch3.1hotfix1

netiqprivileged_account_managerMatch3.1hotfix2

VendorProductVersionCPE
netiqprivileged_account_manager*cpe:2.3:a:netiq:privileged_account_manager:*:*:*:*:*:*:*:*
netiqprivileged_account_manager3.1cpe:2.3:a:netiq:privileged_account_manager:3.1:*:*:*:*:*:*:*
netiqprivileged_account_manager3.1cpe:2.3:a:netiq:privileged_account_manager:3.1:hotfix1:*:*:*:*:*:*
netiqprivileged_account_manager3.1cpe:2.3:a:netiq:privileged_account_manager:3.1:hotfix2:*:*:*:*:*:*

Vendor	Product	Version	CPE
netiq	privileged_account_manager	*	cpe:2.3:a:netiq:privileged_account_manager::::::::
netiq	privileged_account_manager	3.1	cpe:2.3:a:netiq:privileged_account_manager:3.1:::::::*
netiq	privileged_account_manager	3.1	cpe:2.3:a:netiq:privileged_account_manager:3.1:hotfix1::::::
netiq	privileged_account_manager	3.1	cpe:2.3:a:netiq:privileged_account_manager:3.1:hotfix2::::::

CNA Affected

[
  {
    "product": "Privileged Account Manager",
    "vendor": "NetIQ",
    "versions": [
      {
        "lessThan": "3.1 Patch Update 3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1001069

www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

Related for CVE-2017-7437